ALARMED: A Map to Your World

The Google Maps beta site is fast and, sometimes, smart. Type in Cambridge restaurants and a map pops up with pin-pointed locations with addresses, phone numbers and links to websites. The maps are simple, easy to navigate and you can scroll and zoom them smoothly. The business case is obvious: Businesses will pay tidy little sums to be prominently featured on maps. The more money you give Google, the better play you get. It's yellow pages on steroids.

Google Maps also provides the option to view satellite images instead of illustrated maps. That's great if you want to know how close a neighbourhood is to schools or parks, or as Google's blog says, if you want to "check out the 'beach' in 'beachfront.'" Not so great if you're trying to protect critical infrastructure. Remember all those pictures of landmarks the FBI found on alleged terrorists' computers? It took me 54 seconds to find a crisp (beautiful, actually) overhead shot of the Golden Gate Bridge.

The pinpoints on the maps also offer the option to retrieve directions to that location from anywhere. That's great if an old friend comes to town to meet you for lunch. Not so great for chief security officers who know workplace violence is already one of their top concerns.

What's more, you don't even need to ask for a location to find one. Google connects locations to the logic of its text searches so that, for example, when you type in my name you get my place of work, even if you didn't search for it. In Google Maps' beta version at least, this creates pretty shoddy maps. In addition to my office, a search on me turned up Internet Bearer Underwriter's Corp along with a map to get there. I couldn't figure out why at first, but it turned out someone who worked there had posted one of my Alarmed columns on a discussion board.

That's pretty useless. But here's a less harmless example: I tried larry page mountain view. Page is Google's co-founder and Mountain View is his business's headquarters. The search turned up Google's offices, all right. But then it seemed to link to any "Larry" it could find near Mountain View. There was a link to the details of a speaking engagement, "Larry Everest on Bush Agenda" at Stanford, on the website for the Peninsula Peace and Justice Center. Maybe this means Larry Page is also anti-war? Does this link have anything to do with him? I wonder how he feels being linked to this event. I wonder how Larry Everest feels being linked to the co-founder of Google?

I wonder how anyone feels being mapped, not quite randomly, to people who share only geography and some minor fact that makes Google's convoluted search algorithms think they're related.

Let's be clear: I'm not against this kind of application or the technology behind it. As a journalist, I certainly don't believe in blunt restrictions on information access. I'm not arguing to ban Google Maps or to sue Google every time a deranged man uses the application to figure out how to get to the office of his ex to do violence. I don't think Google is immediately liable if someone accesses Maps to rob a store or find the best place to leave an explosive package near a convention centre without being detected.

However, I am arguing that maybe the company should have considered these eventualities before a billion people got access to the thing. In a way, what bothers me is how much potential the application has-enough to make mapping and location intelligence so easy that it creates new dangers.

So, why not have a discussion about the fact that these unprecedented levels of simplicity and ubiquity create new dangers (or, if you prefer, new opportunities for anyone motivated to do harm)? Why not stop before you throw it out there and consider that this might require new policies and, yes, perhaps require new restrictions on access (but hopefully as few as possible)?

Well, first because IT has always shirked ethics as a detriment to progress and innovation, sadly. But specifically in this case, because such a discussion might have slowed down Wall Street's darling, affected that white hot stock price.

So instead of social responsibility, we get callousness. The Maps product was launched as a beta product seemingly with zero forethought given to privacy, security or safety. On Google's blog, on its Maps demo page and on the Google Maps and Google Local pages themselves, there wasn't a single mention of, or link to, a privacy policy when I visited. There was no proper use statement. No disclaimer. No indication anywhere that an internal conversation happened, never mind a public policy discussion.

I asked Google about this. I imagined they would argue that all this information was available anyway. Mapquest has given us directions for a long time. Verizon and other phone companies offer white pages and yellow pages. All Google did was aggregate. Make it easy to get everything in one place, fast. Information doesn't hurt people. People who misuse information hurt people. Hey, Google's just the messenger.

In fact this is precisely what Google and its "location intelligence" technology provider Keyhole argued when I sent them nine questions and got one abstracted reply. (See the transcript below.) "Keyhole is built from information that is already available from both commercial and public sources," wrote PR rep Barry Schnitt. "The same information is available to anyone who flies over or drives by a piece of property."

I was also directed to Google's general privacy statement, its general terms of service statement and the terms of use for the Google Local search engine. Neither the privacy policy nor the general terms of service mentions "maps" once. The terms of use page for Google Local mentions maps a lot, but only in the context of intellectual property ownership and accuracy of the maps. Privacy is not addressed.

In other words, the Maps product, while new and powerful, doesn't merit a rethinking of the general canned lawyerspeak that already governs the rest of Google.

When privacy was addressed publicly, it was blown off with a remarkably narrow and careless observation by John Hanke, the general manager of Keyhole. No reason to worry, Hanke told The New York Times, "Because the images generally are six to 12 months old. And it's not like you are going to be able to read a license plate on a car or see what an individual was doing when a particular image was taken."

If he really believes his own explanation, and wasn't simply blowing off the reporter, then Hanke has no earthly idea about security, safety and privacy. As if the fact a map is old will prevent someone from using it for workplace violence, or mischief against public places and symbols. As if the only way to violate privacy is to give away certain self-identifying characteristics.

Irresponsible, if you ask me. Think of it this way: If a large port rolled out a new, highly efficient vessel tracking system which helped it load and unload ships, only later it turned out that the efficiency gains threatened the port security and safety, there'd be Capitol Hill hearings faster than you can say steroids. Entire bodies of law exist to govern what ports can and can't do, and those laws come at the expense of efficiency (and hence, profit). You're not allowed to introduce products into the ports without public policy discussions first.

But in the IT industry, laissez-faire ethics rule and the sense of public responsibility is nil.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.